skin color theme

Hey there! Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 91987 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Advertisements

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

First close any other programs you have running as this will require a reboot

Double click NoLop.exe to run it

Now click the button labelled "Search and Destroy"<<your computer will now be scanned for infected files>>

When scanning is finished you will be prompted to reboot only if infected, Click OK

Now click the "REBOOT" Button.

A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Problem seems resolved. i have not got another pop up IE window. Thanks
I couldn't run the kaspersky scan though since active X couldn't be installed even when I gave permission
can you suggest any other online scan
thanks
pankaj sharma MD

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

If you are having problems with the updater, you can use this link to manually update AVG anti-spyware.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit wiht too many spam posting to allow guest posting to continue just find your country room and register your complaint.The infection you had was LOP

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.NOTE: only do this ONCE,NOTon a regular basis

Keep your antivirus and firewall updated

Keep windows up to date with the latest patches

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Install spywareblaster
Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
kill bits
in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here
You can download SpywareBlaster here here
Make sure to update it on a regular basis

Install IE-SPYAD
Dowload and instructions located here
Make sure to update it on a regular basis

Use a HOSTS file

Every version of windows has a hosts file as part of them.

In a very basic sense, they are used to locate webpages.

We can customize a hosts file so that it blocks certain webpages.

However, it can slow down certain computers.

This is why using a hosts file is optional!!

Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:

Click the start button (at the lower left hand corner of your screen)

Click run

In the dialog box, type services.msc

hit enter, then locate dns client

Highlight it, then double-click it.

On the dropdown box, change the setting from automatic to manual.

Click ok

Install and use Ad-aware & Spybot search & destroy
Instructions are located here
Make sure to update them on a regular basis

Most exploits are aimed at internet explorer, so I recommend you switch to an altenative browser
Two good alternative browsers areFirefoxOpera
It is essential to update to the latest version of your browser, as the updates fix known security holes

Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
Change the allow paste operations via script to Disable
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Clean out you temp file on a regular basis
I use and recommend ATF Cleaner by Attribune
To use it, follow these instructions

Double-click ATF-Cleaner.exe to run the program.

Click Main at the top and choose Select All from the list.

Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose Select All from the list.

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose Select All from the list.

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

0 user(s) are reading this topic

About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.